Overview
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. SQL injection attacks are a type of injection attack, in which SQL commands are injected into data-plane input in order to affect the execution of predefined SQL commands. SQL 注入攻击包括通过从客户端到应用程序的输入数据插入或“注入”SQL 查询。 成功的 SQL 注入漏洞可以从数据库中读取敏感数据、修改数据库数据(插入/更新/删除)、对数据库执行管理操作(例如关闭 DBMS)、恢复 DBMS 文件中存在的给定文件的内容 系统并在某些情况下向操作系统发出命令。 SQL 注入攻击是一种注入攻击,其中 SQL 命令被注入到数据平面输入中,以影响预定义 SQL 命令的执行。
Thread Model 威胁建模
SQL injection attacks allow attackers to spoof identity, tamper with existing data, cause repudiation issues such as voiding transactions or changing balances, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and become administrators of the database server. SQL 注入攻击允许攻击者欺骗身份、篡改现有数据、导致交易无效或更改余额等否认问题、允许完全泄露系统上的所有数据、破坏数据或使其不可用,并成为该系统的管理员。 数据库服务器。
Discription
SQL injection attack occurs when:
- An unintended data enters a program from an untrusted source.
- The data is used to dynamically construct a SQL query
The main consequences are: Confidentiality: Since SQL databases generally hold sensitive data, loss of confidentiality is a frequent problem with SQL Injection vulnerabilities. Authentication: If poor SQL commands are used to check user names and passwords, it may be possible to connect to a system as another user with no previous knowledge of the password. Authorization: If authorization information is held in a SQL database, it may be possible to change this information through the successful exploitation of a SQL Injection vulnerability. Integrity: Just as it may be possible to read sensitive information, it is also possible to make changes or even delete this information with a SQL Injection attack.
主要后果是: 机密性:由于 SQL 数据库通常保存敏感数据,因此机密性丢失是 SQL 注入漏洞的常见问题。 身份验证:如果使用糟糕的 SQL 命令来检查用户名和密码,则可能会以其他用户身份连接到系统,而先前不知道密码。 授权:如果授权信息保存在 SQL 数据库中,则有可能通过成功利用 SQL 注入漏洞来更改此信息。 完整性:正如可以读取敏感信息一样,也可以通过 SQL 注入攻击来更改甚至删除这些信息。
Risk Factor
Sql injection has become a common issue with database-driven web sites.The flaw is easily detected, and easily exploited, and as such, any site or software package with even a minimal user base is likely to be subject to an attempted attack of this kind. SQL 注入已成为数据库驱动网站的常见问题。 该缺陷很容易被检测到,也很容易被利用,因此,即使用户群最少的任何站点或软件包都可能受到此类未遂攻击。 Essentially, the attack is accomplished by placing a meta character into data input to then place SQL commands in the control plane, which did not exist there before. This flaw depends on the fact that SQL makes no real distinction between the control and data planes. 从本质上讲,攻击是通过将元字符放入数据输入中,然后将 SQL 命令放入控制平面来完成的,这在以前是不存在的。 这个缺陷取决于 SQL 没有真正区分控制平面和数据平面的事实。
参考地址:https://owasp.org/www-community/attacks/SQL_Injection
|